macOS
brew install kubehoundlocal Homebrew formula metadata
brew
Tool for building Kubernetes attack paths. Version 1.6.7 via Homebrew; verified from local package data.
install
brew install kubehoundlocal Homebrew formula metadata
overview
Tool for building Kubernetes attack paths
history
KubeHound is Datadog's open source Kubernetes attack-graph tool. It collects cluster data, computes attack paths, and stores them in a graph database so defenders and red teams can reason about multi-hop compromise paths instead of isolated findings.
The public GitHub repository was created on May 15, 2023. Datadog Security Labs announced KubeHound on October 2, 2023, describing it as a new open source project for visualizing attack paths in Kubernetes deployments.
Datadog's 2023 Security Labs review says KubeHound was an internal project used by the adversary emulation team before it was open sourced. The documentation presents KubeHound as a graph of pods, nodes, identities, permissions, and attack techniques.
KubeHound is narrower than general Kubernetes admin tools, but it entered package-manager culture quickly enough to appear in Homebrew. That packaging matters for security teams because the tool is meant to run from an analyst workstation against a selected kubeconfig context.
The project's adoption signal is strongest in Kubernetes security circles: official docs, Datadog Security Labs posts, and conference material frame it as a way to prioritize security work by graph reachability rather than scanner output volume.
KubeHound can select a target cluster through kubectx or through a KUBECONFIG environment variable. It ingests data from the Kubernetes API server, computes attack paths, stores results in JanusGraph, and supports graph queries through Gremlin or the KubeHound DSL.
The documentation says KubeHound can identify more than 25 attacks, including container escape and lateral movement techniques, and can answer questions such as whether a path exists from a specific container to a node or cluster-admin role.
KubeHound is package-nerd interesting because it brings graph-security analysis into a CLI that can be installed from Homebrew beside kubectl and kubectx. It represents the Kubernetes security tooling trend from static lists toward attack-path modeling.
security posture
infrastructure mutation or orchestration signal.
orange risk · medium confidence · infrastructure
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
kubehound | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/DataDog/KubeHound
install metadata
| Package key | brew:kubehound |
|---|---|
| Version | 1.6.7 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/kubehound |
| Homepage | https://kubehound.io |
| Repository | https://github.com/DataDog/KubeHound |
| Upstream docs | https://kubehound.io/ |
| License | Apache-2.0 |
| Source archive | https://github.com/DataDog/KubeHound/archive/refs/tags/v1.6.7.tar.gz |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | kubehound |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.